Update episode structure
lpaglione committed Oct 30, 2019
1 parent f976d4a commit fb269bd
Showing 14 changed files with 404 additions and 467 deletions.
74 changes: 73 additions & 1 deletion _episodes/01-co.md
Expand Up @@ -8,4 +8,76 @@ objectives:
- "List the objectives"
keypoints:
- "List the key takeaways for the episode"
---
---

# 1. The Collaborative Organization (CO)

## How are COs modeled in COmanage?

COmanage is a multi-tenet tool. This means that for each installation, one or more top-level groups can be expressed. These groups are called Collaborative Organizations or COs. Individuals are added to these fundamental groups (COs), but once there, the individuals can be included in multiple sub groups of the CO, called Collaboration Organization Units (or COUs.)

As a collaboration grows in size, it may be useful to create various structures to allow for delegation of person management operations and representation of organizational hierarchy. COmanage Registry supports this through the concept of CO Units, or COUs. As of Registry v3.1.0, CO Departments are also supported.

### The COs

The term “Collaborative Organization” or CO to refer to any formal or informal group of individuals that work collaboratively in a digital setting. They have a goal of a shared infrastructure that supports their collaborations so that the traditional limitations of localized applications may be overcome. Some traits of these COs include:

* These individuals use a common workflow for adding collaborators.
* They share common policies for vetting the identities of collaborators.
* These COs may include individuals in a single organization, or individuals may be in multiple organizations, geographically different regions, or even work independently.

COs can support one our more Collaborative Organization Units (COUs).

# Administrator Roles

COmanage Registry defines three types of administrators.

## Platform (CMP) Administrators _(Also called Registry Admin in the documentation)_

Platform Administrators are effectively super users, with the ability to perform almost all operations on the platform. (Platform Administrators cannot execute enrollment flows for COs unless authorized by the enrollment flow.)

Platform Administrators are configured by [adding the appropriate Organizational Identity](https://spaces.at.internet2.edu/display/COmanage/Default+Registry+Enrollment) to the COmanage CO, and then adding the corresponding person to the CO:admins group (v2.0.0 and later) or admin group (prior to v2.0.0) within the COmanage CO.

The first user added as part of the [Registry Setup Script](https://spaces.at.internet2.edu/display/COmanage/Registry+Installation+-+Registry+Setup+Script) is automatically configured to be a Platform Administrator.

## Collaboration (CO) Administrators

Collaboration Administrators are super users _within a CO_. Collaboration Administrators are configured by adding the appropriate Organizational Identity to the CO (if not already done), and then adding the corresponding person to the CO:admins group (v2.0.0 and later) or admin group (prior to v2.0.0) within the CO.

CO Administrators can manage any CO Group within their CO.

## System Administrators

System Administrators have privileges that enable them to maintain the COmanage application. These capabilities include the ability to provision cluster resources (for example, hardware, virtual machines, etc), Register and maintain IP Addresses, administer application upgrades, manage and conduct operating system upgrades and conduct backups.

---

< TO BE UPDATED >

# Terminology & resources

## COmanage Objects

OBJECT | DESCRIPTION
------ | -----------
`CO Person` :gear: | the representation of a person in COmanage
`CO Group` :gear: | a specific COmanage organizational structure for representing certain collections of `CO Persons` :gear:

## Worksheets

WORKSHEET | DESCRIPTION
--------- | -----------
[Modeling Organization :memo:](/files/handouts/CO310-ModelingOrgs.pdf) | Planning sheet used in this lesson for understanding how the parts of the COmanage Organization fit together.
[CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf) | Planning worksheet for creating your CO(s). Contains all of the configuration sections at a glance.

## Slides

To be included

---

NEXT SECTION: [2. The COU](/_episodes/02-cous.md)

LESSON OVERVIEW: [CO320 - Modeling Your Organization in COmanage](../index.md)

WORKSHOP OVERVIEW: [COmanage Workshop: Managing Identities & Collaborations](https://github.internet2.edu/lpaglione/COmg-trainingOverview/blob/master/README.md)
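
Review bot: The "# Administrator Roles" section states "COmanage Registry defines three types of administrators" and then lists Platform, Collaboration and System Administrators, while 02-cous.md repeats the same sentence above a Unit (COU) Administrators section, so four roles appear across the two episodes under a count of three. Suggest saying in each episode which roles the count covers, or keeping the sentence in one place only. Platform and Collaboration Administrators are defined by membership in the CO:admins group, but System Administrators are described only by infrastructure tasks, so say whether that role is configured in Registry at all. Smaller points: "multi-tenet" should be "multi-tenant", "Collaboration Organization Units" should match "Collaborative Organization Units" used elsewhere, "The term ... CO to refer to" is missing a verb, "one our more" should be "one or more", and the "< TO BE UPDATED >" marker should not ship in a published episode.
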
54 changes: 0 additions & 54 deletions _episodes/01-old-modelingBenefits.md

This file was deleted.

67 changes: 66 additions & 1 deletion _episodes/02-cous.md
Expand Up @@ -10,6 +10,26 @@ keypoints:
- "List the key takeaways for the episode"
---

# 2. Collaborative Organization Units (COUs)

"Collaborative Organizations Units" allow you to define an organizational structure within a CO. While many organizations have natural groups within them, the reason that you would divide your CO into COUs are because there are differences across your CO that necessitates different policies in one or more of the following:

* How individuals join and/or leave the group
* There are different rules about how applications get provisioned or deprovisioned
* Who manages person membership and privileges in the group
* The information stored or used about members of the group

If your collaboration–a single entity with common goals–has unique requirements among the different groups and/or departments regarding how participants will join those parts of your collaborations, then, you have a CO that contains COUs. If you have only one common set of policies that define how individuals are added or removed from the CO, then you do not have COU even though you may have groups for simple access control.

When you have COUs, they may represent recognized groups of collaborators like departments, divisions, projects; or they may be related to the privileges that those in the group may have, for example, alumni or parents.

COUs are a structural object within Registry, meaning they can be configured, and that they are used internally for a variety of purposes. The primary purpose of a COU, however, is to allow for delegation of person management operations. [COU Administrators](https://spaces.at.internet2.edu/display/COmanage/Registry+Administrators) can be defined for each COU, giving them the ability to perform lifecycle management operations on the CO People who have CO Person Roles associated with the COU that they manage (or any child COUs of that COU).

If COUs are defined, they can be flat (no hierarchy, all are at the same level), or a COU can have a parent COU (in which case a hierarchy is implied).

> A COU relationship to a CO is similar to the way that LDAP OUs have a relationship within an O.

# CO Person Role Status

As with the :gear: `CO Person` object, each :gear: `CO Person Role` object
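
Review bot: In the paragraph "If COUs are defined, they can be flat ... a hierarchy is implied", the delegation consequence of a hierarchy is left unstated, although the preceding paragraph says COU Administrators manage people in "any child COUs of that COU". Suggest stating here that placing a COU under a parent extends the parent COU's administrators to it, so readers planning a hierarchy see the privilege implication at the point where they choose flat versus nested. Wording: "the reason ... are because ... necessitates" should read "the reason ... is that ... necessitate", the second bullet ("There are different rules about ...") is not parallel with the other three, and "you do not have COU" should be "COUs".
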
Expand Down Expand Up @@ -42,4 +62,49 @@ The status of a CO Person is generally calculated from the status of the CO Pers

The CO Person status is set to the "most preferred" status of the attached CO Person Roles. "Most preferred" is currently defined as the order in the table, below. In general, active statuses are most preferred, followed by expired statuses (since there may have been skeletal records provisioned that need to be maintained), followed by invitation statuses.

CO Person and Person Role Records are passed to Provisioners based on their status, as indicated in the table, below.
CO Person and Person Role Records are passed to Provisioners based on their status, as indicated in the table, below.

# Administrator Roles

COmanage Registry defines three types of administrators.

## Unit (COU) Administrators

Collaboration Administrators with sophisticated administrative requirements may optionally define Unit Administrators. Unit Administrators have limited privileges within the CO, generally related to the ability to enroll and manage populations within the CO Unit (COU).

Unit Administrators are configured by adding the appropriate Organizational Identity to the CO (if not already done), and then adding the corresponding person to the _CO:COU:COU-Name:admins_ group (v2.0.0 and later) or _admin:COU-Name_ group (prior to v2.0.0) within the CO.

COU Administrators can be defined for each COU, giving them the ability to perform lifecycle management operations on the CO People who have CO Person Roles associated with the COU that they manage (or any child COUs of that COU).


---

< TO BE UPDATED >

# Terminology & resources

## COmanage Objects

OBJECT | DESCRIPTION
------ | -----------
`CO Person` :gear: | the representation of a person in COmanage
`CO Group` :gear: | a specific COmanage organizational structure for representing certain collections of `CO Persons` :gear:

## Worksheets

WORKSHEET | DESCRIPTION
--------- | -----------
[Modeling Organization :memo:](/files/handouts/CO310-ModelingOrgs.pdf) | Planning sheet used in this lesson for understanding how the parts of the COmanage Organization fit together.
[CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf) | Planning worksheet for creating your CO(s). Contains all of the configuration sections at a glance.

## Slides

To be included

---

NEXT SECTION: [2. The COU](/_episodes/02-cous.md)

LESSON OVERVIEW: [CO320 - Modeling Your Organization in COmanage](../index.md)

WORKSHOP OVERVIEW: [COmanage Workshop: Managing Identities & Collaborations](https://github.internet2.edu/lpaglione/COmg-trainingOverview/blob/master/README.md)
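
Review bot: The footer line "NEXT SECTION: [2. The COU](/_episodes/02-cous.md)" sits in 02-cous.md itself, so this episode links to itself; it appears copied from 01-co.md together with the whole "Terminology & resources" block. Point it at the following episode or drop it until that episode exists. The "# Administrator Roles" section also repeats "COmanage Registry defines three types of administrators" but lists only Unit (COU) Administrators, and its last paragraph ("COU Administrators can be defined for each COU ...") duplicates the sentence already added near the top of this file; keep one copy.
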